OSNews: http://www.osnews.com/story/23954/Java_Trojan_Attempts_to_Attack_Mac_OS_X_Fails
Exploring the Future of Computing
Copyright 2001-2015, David Adams
Tue, 31 Mar 2015 21:25:10 GMT
OSNews.com http://www.osnews.com

Alpha and Omega? Or the 12th Imam?
http://www.osnews.com/thread?447356
It isn't like a swipe at religion (organized or otherwise) is pertinent to an article about a Java non-vulnerability.
Wed, 27 Oct 2010 22:20:00 GMT (gus3)

RE: Alpha and Omega? Or the 12th Imam?
http://www.osnews.com/thread?447357
Wtf? Since when is a simple reference to the biblical end of days a swipe at religion?
Wed, 27 Oct 2010 22:26:00 GMT (Thom_Holwerda)

Worm?
http://www.osnews.com/thread?447358
Can it be considered a worm just because it's posting on a social networking site by itself? I'm pretty sure it needs to be replicating by itself to be considered one.
Wed, 27 Oct 2010 22:28:00 GMT (Stratoukos)

Sacrilege!
http://www.osnews.com/thread?447362
What sacrilegious articles about Apple and Linux being vulnerable to worms and viruses and other stuff when we all know it is totally impossible ;-)
Wed, 27 Oct 2010 23:18:00 GMT (fran)

Disabling java is sometimes not an option
http://www.osnews.com/thread?447370
Considering that academics still rely on java applets to display data, and some of them rely on opengl (native binding so users get a lot of these popups).
Advising disabling java is quite the same as advising disabling javascript, that is asking them to disable a vital part of today's websites on which most of the users are relying.
Thu, 28 Oct 2010 00:11:00 GMT (dvhh)

RE[2]: Alpha and Omega? Or the 12th Imam?
http://www.osnews.com/thread?447372
When it immediately follows "loses its collective brain and starts panicking". Your own words, Thom.
Thu, 28 Oct 2010 00:45:00 GMT (gus3)

RE[3]: Alpha and Omega? Or the 12th Imam?
http://www.osnews.com/thread?447373
When it immediately follows "loses its collective brain and starts panicking". Your own words, Thom.

It was not a swipe at religion, it was a swipe at the sheep herd mentality of some people. You really need to work on your reading comprehension.
Thu, 28 Oct 2010 00:48:00 GMT (WereCatf)

RE[4]: Alpha and Omega? Or the 12th Imam?
http://www.osnews.com/thread?447377
When it immediately follows "loses its collective brain and starts panicking". Your own words, Thom.

It was not a swipe at religion, it was a swipe at the sheep herd mentality of some people. You really need to work on your reading comprehension.

Exactly. But you know, if there really was some sort of end of times thing going on, I'd imagine people would lose their minds and panic. So I'm not sure what the swipe is even supposed to be even without any reading comprehension.
Thu, 28 Oct 2010 01:38:00 GMT (mrstep)

Google Chrome immune?
http://www.osnews.com/thread?447385
Not gonna test it, but I know for a fact that Chrome prevents installation of stuff by Java applets or other means on websites.

IronFox (a secured version of Firefox for the Mac) has the same thing, since both Chrome and IronFox use the Mac OS X Sandbox.

I know there are many Networking-vendors that ship java-tooling, but that is for the desktop or at least for that very specialized group of people.
Thu, 28 Oct 2010 04:48:00 GMT (Lennie)

press yes to be dumb
http://www.osnews.com/thread?447390
if only people learnt to read instead of always clicking yes.
Thu, 28 Oct 2010 04:52:00 GMT (stabbyjones)

the elephant in the room
http://www.osnews.com/thread?447394
Just Because your member can fit in a light bulb, does not mean you should try to fug one. It seems funny to an old graybeard but if you want quality stolen SW then -good luck- I mean remember Limewire? I really wonder how many machines I fixed because of what that beast downloaded so:
1.> I do not think that turning off Java, or javascript will fix it, because Vuze is a java app. (or at least last time I checked) So while the major parties and browsers can easily patch this I do not think that the torrent vendors are going to be in the security business and that is shame. - and a newsgroup binary? puhleez. If You do not know your source then you do not know. (at least for sure)
2.>Security in this new internet is going to be so much harder than in the old internet. I suspect that before long the wise and the cunning will have to run VMs inside of VM's and have system snapshots every hour to ensure that they stay safe (while surfing naughty) - (note: sarcasm + tongue in cheek)
Or
3.> Only get your Media and SW from reputable sources. Not to play an holier than thou harp, but there is an inherent risk assessment that you will make on a task like .torrents.
-=-A few years back there was no such thing as p2p. And hate it or not there was no iTunes store or Amazon or whoever is number 3 in the market. But once I could find something weird like 'Screaming Jay Hawkins-I put a spell on you' or something treasured like a Nina Simone Anthology, Steely Dan or Stevie Wonder or Miles Davis and get it safely and pay what 99¢ each or $10 an album? I know I have gifted hundreds of dollars worth of music and movies/media to friends and family, and why not? Before the store we were all at a greater risk. THAT is the elephant in the room in this equation. Because phishing can be to a large extent patched or mitigated by the OS and Browser vendors, BUT the end user who really wants that file will still click on that link will get burned. Sure the link will get taken down - and maybe reposted - so it is a buyer beware world.
_Realistically_ I do not think the p2p world can support the entire string of hangers on in Hollywood and Silicon Valley and I have no Idea where the rest of the world gets or makes their SW and Media, but if you want to download media from strange sources then OK but please be advised of this: that cutting edge can cut
Thu, 28 Oct 2010 05:29:00 GMT (kaelodest)

Disabling plugin X is not an option
http://www.osnews.com/thread?447395
Whenever people say that you should just turn off plugin X I almost throw a hissy fit.

Disabling X does not solve the greater issue.

Next you'll be asking me to not use the browser at all? - they have almost weekly 0-day exploits.

Oh, and my OS is insecure too? - best pull the plug entirely then.

We use Flash, Java, Unity, Plugin X for a reason. It provides features that browsers do not allow.

In the case of Java, you can scream all you want, but html/5 + webgl + tracemonkey is simply not good enough for running stuff like minecraft - or other OpenGL based Java games (see: http://lwjgl.org).
Furthermore, for instance in Denmark, the national ID scheme is using a Java component to securely log in on all sites.
You may argue that it should have been done in another way, and I would probably agree. But the fact remains that to use the government provided national ID, you MUST have Java installed and enabled for your browser.
Thu, 28 Oct 2010 05:35:00 GMT (Matzon)

RE: Google Chrome immune?
http://www.osnews.com/thread?447397
if http://lwjgl.org/applet/ runs, then chrome can't block it.
Thu, 28 Oct 2010 05:37:00 GMT (Matzon)

RE[2]: Google Chrome immune?
http://www.osnews.com/thread?447398
not sure about that, cuz the company I work for has a VPN thing, starts by running a Java applet that tries to install something in /Applications (a Java app). Took me a while to figure out why it never installed - I was using Chrome and Chrome would block the actual installation on the system, even though the initial applet would run/download.

(FWIW, I refused the applet you linked, have no idea what it is lol)
Thu, 28 Oct 2010 05:45:00 GMT (patrix)

RE: Disabling plugin X is not an option
http://www.osnews.com/thread?447403
In the case of Java, you can scream all you want, but html/5 + webgl + tracemonkey is simply not good enough for running stuff like minecraft - or other OpenGL based Java games

Of course, this technology isn’t shipping in non-beta builds of browsers at the moment, but to think outright that HTML5+WebGL won't _ever_ compete is silly. Give it another two years and we’ll be seeing very serious 3D games being released directly on the web. And why not? It’s still OpenGL, it’s still 3D, and no installer is needed (bar an up to date browser).

There’s a ton of game websites out there like miniclip, who have been reliant on Flash and Java for a decade and they are going to have to face an upheaval in their market where they will have to embrace JavaScript games in order to expand onto the iPad / iPhone and other mobile devices. What company, in this instance, would choose death over new technology, bar ignorance?
Thu, 28 Oct 2010 06:45:00 GMT (Kroc)

RE: press yes to be dumb
http://www.osnews.com/thread?447404
If only the questions weren’t so unhelpful.
Thu, 28 Oct 2010 06:47:00 GMT (Kroc)

how convenient ...
http://www.osnews.com/thread?447408
how convenient ...
just when apple is thinking to phase out java from osx,
and this move could potentially get criticized by community,
java turn out to be a security threat
where horrible crackers use it to attack poor osx (and fail of course..)

can you imagine a more convenient picture?
Thu, 28 Oct 2010 07:27:00 GMT (freeaks)

RE[3]: Google Chrome immune?
http://www.osnews.com/thread?447411
hah, sorry. The applet is a GLGears demo, using java and OpenGL. It needs access because it has native code to access OpenGL.

The fact that you got the "install" dialog, basically proves that Chrome isn't blocking it.
Thu, 28 Oct 2010 07:54:00 GMT (Matzon)

RE[2]: Disabling plugin X is not an option
http://www.osnews.com/thread?447412
I agree that eventually WebGL will replace a lot of this, however do remember, that we were doing OpenGL in applets in 2006 using Java.

4 years later and HTML is still not there.

I would prefer that everything was open like html and javascript - but the fact of the matter is that plugins provide content producers with means for doing stuff that wouldn't otherwise be possible.
Thu, 28 Oct 2010 08:02:00 GMT (Matzon)

RE[3]: Disabling plugin X is not an option
http://www.osnews.com/thread?447415
There is also NaCl. And anyway, 4 years ago there were no HTML5 websites or barely anybody using this tech. A lot of this tech is still not shipping in browsers.

That’s like saying to me that 100 years ago they didn’t have quantum computers. We barely have them now, so the time-frame is irrelevant.

Given that the only option outside of the App Store for the iPad / iPhone is HTML5, I think it has plenty of chance for big things. Mozilla are holding an HTML game competition; wait for the results of that before reserving judgement.
Thu, 28 Oct 2010 08:31:00 GMT (Kroc)

Java security alert
http://www.osnews.com/thread?447418
"In their report, they say the initial Java apple portion throws up a nice Java warning cancel/allow dialog, meaning everything works as intended and the threat level of this attack is low."

Ok so how useful is the standard Mac OS X Java security alert? From what I can tell the alert is non descriptive and a non technical user might just as well click allow.
I mean how are they to know whether this alert has any merit, and what does it matter to them when all they want is access to their file or video. Even if one were to view the certificate, what would a non technical user make of it.
Thu, 28 Oct 2010 08:39:00 GMT (Dirge)

RE: Alpha and Omega? Or the 12th Imam?
http://www.osnews.com/thread?447419
It isn't like a swipe at religion (organized or otherwise) is pertinent to an article about a Java non-vulnerability.

You are far too sensitive/paranoid.
Thu, 28 Oct 2010 08:41:00 GMT (n.l.o)

RE[4]: Disabling plugin X is not an option
http://www.osnews.com/thread?447421
Exactly! Which is why I am saying that plugins have their merit!

My comment was mostly in response to the:

What on earth are you using it for anyway in your web browser?

We need to use Java (with OpenGL) to do stuff like Minecraft (or any of the other lwjgl games (lots)).
And this is of course only one example. There are many things that simply cannot be done, easily - or not at all, in a cross browser fashion using html/5.
Thu, 28 Oct 2010 08:50:00 GMT (Matzon)

RE[2]: Disabling plugin X is not an option
http://www.osnews.com/thread?447422
Thereâs a ton of game websites out there like miniclip, who have been reliant on Flash and Java for a decade and they are going to have to face an upheaval in their market where they will have to embrace JavaScript games in order to expand onto the iPad / iPhone and other mobile devices. What company, in this instance, would choose death over new technology, bar ignorance?

No, in my opinion they wouldn't embrace JS. In the worst case the number of browser games is simply going to shrink.

The problem is that Javascript and HTML5 are ugly technologies. Most creative people want to deal with a simple, high-level language, which works in the same way in all supported browsers, and has a good official IDE. It's precisely what Flash offers, and no replacement exists among web standards I think..
Thu, 28 Oct 2010 08:50:00 GMT (Neolander)

RE[2]: Disabling java is sometimes not an option
http://www.osnews.com/thread?447423
I noticed the ASUS support site used Java for the download manager when I grabbed some motherboard drivers just yesterday.
Edited 2010-10-28 08:59 UTC
Thu, 28 Oct 2010 08:58:00 GMT (Dirge)

RE: how convenient ...
http://www.osnews.com/thread?447424
Exactly what I was thinking. Instead of downplaying the trojan, mac fanatics may as well raise it to defcon 5 (more accurately, drop it to defcon 1) and insist on deprecating java for great justice..
Thu, 28 Oct 2010 09:04:00 GMT (FealDorf)

RE: press yes to be dumb
http://www.osnews.com/thread?447427
if only people learnt to read instead of always clicking yes.

Agreed. Because it's well documented how normal users make the best security experts.

In fact, more OSs should move away from their current security set up in favour of prompting the users what their opinion of an unknown application is.
Edited 2010-10-28 09:32 UTC
Thu, 28 Oct 2010 09:31:00 GMT (Laurence)

RE[3]: Disabling plugin X is not an option
http://www.osnews.com/thread?447431
Because nobody makes games with C++, obviously.
Thu, 28 Oct 2010 10:58:00 GMT (Kroc)

RE[2]: Disabling plugin X is not an option
http://www.osnews.com/thread?447433
where they will have to embrace JavaScript games in order to expand onto the iPad / iPhone and other mobile devices. What company, in this instance, would choose death over new technology, bar ignorance?

Why would choosing Flash be death?
Thu, 28 Oct 2010 11:41:00 GMT (nt_jerkface)

RE[3]: Disabling plugin X is not an option
http://www.osnews.com/thread?447434
Not death, lack of growth. And in the stock market, lack of growth == death in analysts' eyes
Thu, 28 Oct 2010 11:43:00 GMT (Kroc)

Sample?
http://www.osnews.com/thread?447435
Does anyone know of where a sample can be found? I would like to test what happens within ironfox if it is exploited.
Thu, 28 Oct 2010 12:01:00 GMT (trams)

RE[3]: Alpha and Omega? Or the 12th Imam?
http://www.osnews.com/thread?447448
Hmmm. I am generally very sensitive about things like that and it didn't set off my alarm.
Thu, 28 Oct 2010 14:17:00 GMT (Tuishimi)

Can't blame 'em
http://www.osnews.com/thread?447451
This article makes a lot more sense now: http://www.osnews.com/story/23923/Apple_To_Remove_Java_from_Mac_OS_...
Thu, 28 Oct 2010 14:35:00 GMT (Eddyspeeder)

RE[4]: Alpha and Omega? Or the 12th Imam?
http://www.osnews.com/thread?447454
Hmmm. I am generally very sensitive about things like that and it didn't set off my alarm.

Me neither.

Should I complain about the "swipe" at my religion by gus3 in his subject heading too?
Thu, 28 Oct 2010 15:19:00 GMT (n.l.o)

RE[4]: Google Chrome immune?
http://www.osnews.com/thread?447457
This time I went ahead and clicked "authorise" and "execute"

Just as I thought, Chrome blocks anything from installing so the applet can't run. Even if the Java plugin asks me to execute it, Chrome will prevent it from putting anything on the system.
Thu, 28 Oct 2010 15:21:00 GMT (patrix)

RE: Disabling java is sometimes not an option
http://www.osnews.com/thread?447460
Microsoft zealots don't care about functionality you lose. They only want to libel and FUD Java. (and possibly make you install SilverBlight) That's the purpose of this article.
Thu, 28 Oct 2010 16:43:00 GMT (gnufreex)

RE[2]: Disabling java is sometimes not an option
http://www.osnews.com/thread?447462
You forgot the ever popular Micro$oft and other silly ways that people think will cause Microsoft to go all emo...
Thu, 28 Oct 2010 17:16:00 GMT (aesiamun)

RE[5]: Google Chrome immune?
http://www.osnews.com/thread?447468
ohh, interesting... That doesn't happen for me on Windows 7, 64bit, chrome 8
Thu, 28 Oct 2010 18:19:00 GMT (Matzon)

As well as Boonana there is now Koobface
http://www.osnews.com/thread?447581
http://news.softpedia.com/news/New-Koobface-Variant-Infects-Linux-t...

Security researchers warn that a new drive-by download attack is capable of infecting Windows, Mac OS X and Linux systems with a new variant of the notorious Koobface worm.

Apparently, this one works.

Once installed on a computer, the worm hijacks the social networking accounts of its owner and uses them to propagate.

Infected systems join together in a botnet and contact a command and control server, from where they receive instructions.

According to Jerome Segura, a security researcher at ParetoLogic, who analyzed the attack, the Linux Koobface version is attached to a Java applet called jnana.tsa.

The applet is dropped inside the user's home directory and stops running at computer reboot. This means that on Linux, unlike on Windows, the Koobface infections are temporary.

However, Linux computers tend to stay open much longer than Windows ones, which gives attackers enough time to use them for malicious purposes.